Risk Management June 29, 2023

Is open-source security a ticking cyber time bomb?

4 min read - Software depends on layers of code, and much of that code comes from open-source libraries. According to an Octoverse 2022 report, open-source code is used in 97% of applications. Not only do developers embrace open source, but so do nine…

Risk Management June 28, 2023

A software bill of materials helps secure your supply chain

6 min read - The software supply chain involves developing, maintaining and distributing software to end users. To enhance the functionality of the software being developed, developers frequently depend upon open-source components and libraries. These can be sourced from external vendors like Docker images…

Artificial Intelligence May 2, 2023

ChatGPT confirms data breach, raising security concerns

4 min read - When ChatGPT and similar chatbots first became widely available, the concern in the cybersecurity world was how AI technology could be used to launch cyberattacks. In fact, it didn’t take very long until threat actors figured out how to bypass…

Risk Management January 23, 2023

Log4j forever changed what (some) cyber pros think about OSS

4 min read - In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath…

Government August 29, 2022

How cybersecurity policy has changed since the SolarWinds attack

3 min read - Major cyberattacks since 2019 jolted the U.S. government and software industry into action. The succeeding years have seen executive orders, new funding, two summits and a newfound resolve. Because of those attacks, the federal government aims to fix the open-source…

Incident Response January 7, 2022

5 Things New with Bug Bounty Programs

4 min read - On September 29, HackerOne announced the latest version of its Internet Bug Bounty (IBB) program. This initiative helped to coordinate the discovery of more than 1,000 security weaknesses in open-source software between 2013 and 2021. HackerOne’s latest version aims to…

Incident Response December 3, 2021

What the Internet Bug Bounty Teaches About Open-Source Software Security

4 min read - The security platform HackerOne recently announced the latest version of their Internet Bug Bounty (IBB) program. The IBB strives to enhance open-source software security by pooling resources and encouraging security experts (they call themselves hackers) to find flaws in open-source…

Intelligence & Analytics November 2, 2021

Using Open-Source Intelligence for Mergers and Acquisitions

3 min read - Mergers and acquisitions (M&A) have been challenging for IT and security teams for as long as businesses have relied on technology. Every company’s IT system is as unique as the company itself. Your business may run on commonly used tools…

Advanced Threats September 3, 2021

Fighting Cyber Threats With Open-Source Tools and Open Standards

7 min read - Detecting cyber threats is usually the first critical step in the mitigation of cyber attacks. Common means to achieve this goal are rules or analytics that track network and system behaviors and raise alerts when potentially malicious attacks are identified.…

Application Security May 25, 2021

Supply Chain Attacks: How To Reduce Open-Source Vulnerabilities

3 min read - When you read that software supply chain attacks increased 42% in the first quarter of 2021 over Q4 2020, you might think the cybersecurity problem was related to the traditional supply chain. Many people think of a supply chain as…